Apache Tomcat version older than 7.0.23

  • The following problems were fixed in Apache Tomcat version 7.0.23: <br/><br/> <ul> <li> <strong>Important: Denial of service CVE-2012-0022</strong><br/> Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values. </li> </ul> <br/><br/><span class="bb-navy">Affected Apache Tomcat versions (7.0.0 - 7.0.22).</span><br/>
  • Upgrade to the latest version of Apache Tomcat.